Install SSL Certificate: IBM HTTP Server

Follow these instructions to install your GeoTrust SSL certificate for your Web site.

Before You Begin

To work with certificates on your IBM server, IBM has a tool called IBM Key Management Utility (IKEYMAN). IKEYMAN is used to create key databases, public-private key pairs, and certificate requests. In order to use IKEYMAN you have to setup your system environment to be able to run IKEYMAN.

Set up your System Environment to run IKEYMAN

Set the home where the JDK is installed: EXPORT JAVA_HOME=the JDK home directory full path name
The minimum JDK level for IKEYMAN support: On AIX: 1.1.6+ or 1.1.8, On WIN32: 1.1.8, On HP, SUN and Linux: 1.1.7
If you want the ability to run IKEYMAN from any directory, add the path where IKEYMAN is installed to your PATH environment variable: EXPORT PATH=$IKEYMAN_HOME/bin:$PATH

Starting and Using IKEYMAN

To start the IKEYMAN graphical user interface:

On AIX, Linux, or Solaris,type ikeyman on the command line.
On Windows, go to the start UI and select Start Key Management Utility.

Install the GeoTrust root CA Certificate

First, you will need to download the appropriate GeoTrust root certificate and save it as a text file. You will need the Base-64 (text) version of the trusted root.
Start the IBM Key Management utility, IKEYMAN.
In the Key Management panel, go to the pull-down menu and select Signer Certificates.
Since the Trusted Root is a text file, select Base64-ASCII encoded data type and change the "*.arm" type to "*.txt" file type. Hit the Browse button and select the Trusted Root certificate .txt file - type the label as Equifax Secure Certificate Authority. This certificate should immediately show up in the list of Signer Certificates.

Install Your GeoTrust Server Certificate

Your SSL server certificate will be sent to you by email. The email message includes the web server certificate that you purchased in the body of the email message. Copy the certificate from the body of the email and paste it into a simple text editor, such as Notepad.
Save the file as mydomain.com.txt.
In the Key Management panel, go to the pull-down menu and select Personal Certificates. Since your new web server certificate is now a text file, select Base64-ASCII encoded data type and change the "*.arm" type to "*.txt" file type. Hit the Receive button and browse to and select your web server certificate file you saved in Step 2. This certificate should immediately show up in the list of Personal Certificates. You can View/Edit to verify your certificate.
Add the desired/required modules to complete your server configuration, including setting up SSL Port 443.
Check your httpd.conf configuration to verify the path to the appropriate key file ("key.db").
Stop, and then Start your IBM HTTP Server.

Test your SSL certificate by using a browser to connect to your server. Use the https protocol directive. For example, if your SSL was issued to secure.mysite.com, enter https://secure.mysite.com into your browser.

The gold padlock icon on your browser will be displayed in the locked position if your certificate is installed correctly and the server is properly configured for SSL.

These instructions are derived from documentation on the IBM web site:

Learn more about securing your IBM HTTP Server
Learn more about securing your IKEYMAN at IBM